Android users are again at risk due to a newly discovered flaw in Qualcomm Chipsets. Qualcomm Chipsets are very popular and this vulnerability affects more than 900 million Android devices around the globe.
Soon after it was reported to Qualcomm, the company issued patches to fix it. But, the Worst thing about this vulnerability is that many devices will never receive a patch to fix this. It is because the issue can be fixed via security patch released by the carrier or distributor.
Note: The recently-announced BlackBerry DTEK50, which the company claims to be the “most secure Android smartphone,” is also vulnerable to one of the flaws.
Researchers from Check Point found a set of 4 vulnerabilities and show disclosed it at DEF CON 24 security conference in Las Vegas. They call it ‘QuadRooter’ which affects Android devices running on Android Marshmallow. It allows the attacker to gain root-level access to any Qualcomm device.
The four security vulnerabilities are:
- CVE-2016-2503 discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
- CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
- CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
- CVE-2016-5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.
Any attacker can write a malicious code and sent it to the victim in the form of the malicious app. When installed on the phone, this app can execute without requiring any special permission checks.
How to check if your phone is vulnerable to this attack?
If you are worried, you can check if your phone or tablet is vulnerable to ‘Quadrooter’ attach by using the Check Point’s free app. Download this app in your phone and check if your phone is vulnerable.
This is the list of most popular phones vulnerable to this attack
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
- OnePlus One, OnePlus 2 and OnePlus 3
- Google Nexus 5X, Nexus 6 and Nexus 6P
- Blackphone 1 and Blackphone 2
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- BlackBerry Priv
- And many more running on Qualcomm Chipsets.
Three out of these 4 vulnerabilities have already been fixed in Google’s latest set of monthly security updates. Patch for remaining flaw will be available in upcoming September update.
Qualcomm has also made available the code to Phone manufacturers to make the patching process faster.
